Decryption keys | Breaking Cybersecurity News | The Hacker News

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named  Dmitry Yuryevich Khoroshev . In addition, Khoroshev has been sanctioned  by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs. Europol, in a  press statement , said authorities are in possession of over 2,500 decryption keys and are continuing to contact LockBit victims to offer support. Khoroshev, who went by the monikers LockBitSupp and putinkrab, has also become the subject of asset freezes and travel bans, with the U.S. Department of State offering a reward of up to $10 million for information leading to his arrest and/or conviction. Previously, the agency had  announced  reward offers of up to $15 milli...

DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack . The vulnerability affects products from dozens of vendors, including Fortinet , Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG — an outdated pseudorandom number generation algorithm — 'in conjunction with a hard-coded seed key.' Before getting removed from the list of FIPS-approved pseudorandom number generation algorithms in January 2016, ANSI X9.31 RNG was included into various cryptographic standards over the last three decades. Pseudorandom number generators (PRNGs) don't generate random numbers at all. Instead, it is a deterministic algorithm that produces a sequence of bits based on initial secret values called a...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

If you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies. It's noteworthy that this crypto-related vulnerability (CVE-2017-15361) doesn't affect elliptic-curve cryptography and the encryption standard itself, rather it resides in the implementation of RSA key pair generation by Infineon's Trusted Platform Module (TPM). Infineon's Trusted Platform Module (TPM) is a widely-used, dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and is used for secured crypto processes. This 5-year-old algorithmic vulnerability was discovered by security researchers at Masaryk University in the Czech Republic, who have relea...

Last month  WannaCry ransomware  hit more than 300,000 PCs across the world within just 72 hours by using its self-spreading capabilities to infect vulnerable Windows PCs, particularly those using vulnerable versions of the OS, within the same network. But that doesn't mean WannaCry was a high-quality piece of ransomware. Security researchers have recently discovered some programming errors in the code of the WannaCrypt ransomware worm that might allow victims to restore their locked files without paying for any decryption key. After deeply analysing the WannaCry code, security company at Kaspersky Lab found that the ransomware was full of mistakes that could allow some of its victims to restore their files with publicly available free recovery tools or even with simple commands. Anton Ivanov, senior malware analyst at Kaspersky Lab, along with colleagues Fedor Sinitsyn and Orkhan Mamedov, detailed three critical errors made by WannaCry developers that could allow sy...

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems. WannaCry Ransomware Decryption Keys The WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers, a "public" key and a "private" key for encrypting and decrypting the system's files respectively. To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to ...

Is your PC infected with Ransomware? Either pay the ransom amount to the attacker or spread the infection further to get the decryption keys. Yes, this new technique has been employed by cyber criminals with the latest round of ransomware threat, dubbed Popcorn Time. Initially discovered by MalwareHunterTeam , the new Popcorn Time Ransomware has been designed to give the victim's a criminal way of getting a free decryption key for their encrypted files and folders. Popcorn Time works similar to other popular ransomware threats, such as the Crysis Ransomware and TeslaCrypt, that encrypt various data stored on the infected computer and ask victims to pay a ransom amount to recover their data. But to get their important files back, Popcorn Time gives victims option to pay a ransom to the cyber criminal or infect two other people and have them pay the ransom to get a free decryption key. What's even worse? The victims are encouraged to pay the ransom of 1 Bitcoin (~$75...

A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer (SSLv2). Dubbed DROWN , the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS communications, including passwords and credit card details… ...and that too in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned Tuesday. Here's what the security researchers said: "We've been able to execute the attack against OpenSSL versions that are vulnerable to CVE-2016-0703 in under a minute using a single PC. Even for servers that do not have these particular bugs, the general variant of the attack, which works against any SSLv2 server, can be conducted in under 8 hour...

Air-gapped computers that are believed to be the most secure computers on the planet have become a regular target for researchers in recent years. Air-gap computers are one that are isolated from the Internet or any other computers that are connected to the Internet or external network, so hackers can't remotely access their contents. But you need to think again before calling them ' Safe .' A team of security researchers from Tel Aviv University and Technion have discovered a new method to steal sensitive data from a target air-gapped computer located in another room. The team is the same group of researchers who had experimented a number of different methods to extract data from a computer. Last year, the team demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread. In 2014, the team devised a special digitizer wristband that had the ability to extract the cryptographic key used to secu...

The Creators of the notorious CryptoWall ransomware virus have managed to raise more than $325 million (£212 million) in this past year alone. Ransomware has emerged as one of the biggest cyber threats to web users in recent times. Typically, hackers primarily gain access to a user's computer system using a ransomware malware, which encrypts all files with a strong cryptographic algorithm, and demand a ransom money to be paid in Bitcoin, typically between $200 and $10,000. In June 2014, researchers first discovered the CryptoWall ransomware attack, and currently, the latest CryptoWall version 3.0 (CW3) is the most sophisticated and complex family of this malware backed by a very robust back-end infrastructure. Must Read:   FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money' According to the latest report  ( pdf ) published by Cyber Threat Alliance (CTA) , an industry group formed last year to study emerging threats, researchers have disco...

If you are among thousands of privacy-conscious people who are still using ' no longer available ' TrueCrypt Encryption Software , then you need to pay attention. Two critical security vulnerabilities have been discovered in the most famous encryption tool, TrueCrypt, that could expose the user's data to hackers if exploited. TrueCrypt was audited earlier this by a team of Security researchers and found to be backdoor-free . James Forshaw , Security researcher with Google's Project Zero — which looks for zero-day exploits — has found a pair of privilege elevation flaws in TrueCrypt package. Last year, TrueCrypt project was dropped after its mysterious developers had claimed the Windows disk-encryption software had ' unfixed security issues '. TrueCrypt is a widely-used ' On-the-Fly ' Open source Hard disk encryption program. Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation ...

When I say Ransomware, the first nasty piece of malware strikes in the mind is CryptoLocker . A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker is a simple rather a devastating piece of Ransomware that encrypts the files on a victim's computer and issues an ultimatum - Pay up or lose your data. CryptoLocker is particularly designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. Cryptolocker hijacker sniffs out your personal files and wraps them with strong AES-256-bit encryption before it demands money. HOW TO DECRYPT CRYPTOLOCKER? FREE TOOL RELEASED Thanks to security experts, who created an online service where victims whose systems have been encrypted by the CryptoLocker ransomware can get the decryption keys for free. This o...

In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users' phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu...

So, How do Hackers compromise a Website? Simply by exploiting the flaws in it, that means they took advantage of the error in the developers' code. Now, this time the hackers itself has left behind a crucial flaw in its malware code which can be exploited by us to help save our computer systems. Believe me, it's not an April Fools' joke! A malicious software program that holds the victims' computer files hostage by wrapping them with strong encryption until the victim pays a ransom fee to get them decrypted, has a critical flaw in its malware code itself that it leaves the decryption key on the victim's computer. The Anti-virus firm Symantec examined a sophisticated malware program dubbed as CryptoDefense (Trojan.Cryptodefense) ransomware , which appeared in the end of the last month. CryptoDefense is one of the complex malware programs that include a number of effective techniques, including Tor anonymity tool usage and Bitcoin digital currency to extort money from victims. Cryp...

Ransomware , a t hreat to internet users that continues to grow in popularity with cyber criminals due to its success and monetary potential. This is nothing new and to be expected. I have noticed many discussions on underground hacking forums about " How to create Ransomware like Cryptolocker malware " or " Malware - hacking tool-kit with ransomware features ". Security intelligence provider,  IntelCrawler has discovered  a new ransomware variant called Locker that demands $150 (£92) to restore files that it has encrypted. Like Cryptolocker , this new ransomware is also nasty because infected users are in danger of losing their personal files forever. Locker mainly spreads by drive-by downloads from compromised websites, disguised itself as MP3 files and use system software vulnerabilities to infect the end user. Once it has infected a system, malware first checks the infected machine has an internet connection or not. Then it deletes any original files from t...